BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

The BGP—RT and VPN Distinguisher Attribute Rewrite Wildcard feature introduces the ability to set a range of route target (RT) community attributes or VPN distinguisher community attributes when mapping them. A network administrator might want to map one or more RTs at an egress ASBR to different RTs at an ingress ASBR. The VPN Distinguisher Attribute feature allows an administrator to map RTs to a VPN distinguisher that is carried through an eBGP and then mapped to RTs at an ingress ASBR. The mapping is achieved by configuring a route map that sets an RT range or VPN distinguisher range of extended community attributes. Specifying a range rather than individual RTs saves time and simplifies the configuration. Furthermore, a VPN distinguisher range allows more than one VPN distinguisher attribute per route-map clause, thereby removing the restriction that applied prior to this feature.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Benefits of RT and VPN Distinguisher Attribute Mapping Range

A network administrator might want to rewrite
(or map) one or more route targets (RTs) at an egress ASBR to
different RTs at an ingress ASBR. One use case would be to keep the
RTs at the egress ASBR private from the ingress ASBR.

The rewrite
is achieved by using inbound route maps, matching prefixes to
route-map clauses that match inbound RTs, and mapping those RTs to different RTs
recognized by the neighbor AS. Such a rewrite configuration could
be complex on inbound route maps, with potentially hundreds of RTs
that would need to be specified individually (configuring set extcommunity rt value1 value2 value3 ...). If the RTs being
attached to the prefixes are consecutive, the
configuration can be simplified by specifying a range of RTs. Thus,
the benefits of the RT mapping range are saving time and simplifying
the configuration.

Likewise, the mapping of RTs to a VPN
distinguisher attribute (and vice versa) can also be simplified by
specifying a range of RTs or VPN distinguishers. The BGP—VPN
Distinguisher Attribute feature allows a network administrator to
keep source RTs private from an ASBR in a destination AS. An RT at
an egress ASBR is mapped to a VPN distinguisher, the VPN
distinguisher is carried through the eBGP, and then it is mapped to
an RT at the ingress ASBR.

The RT and VPN Distinguisher Attribute Mapping
Range feature introduces the ability to specify a range of
either route targets (RTs) or VPN distinguishers when mapping them.

Another benefit applies to setting a VPN distinguisher. Prior to this feature, only one set extcommunity vpn-distinguisher value was allowed per route-map clause. With the introduction of the mapping range, a range of VPN distinguishers can be set on a route.

How to Map RTs to RTs Using a Range

Replacing an RT with a Range of RTs

Perform this task on an egress ASBR to replace a route target (RT) with an RT range. Remember to replace the range of RTs with an RT on the ingress ASBR; that task is described in the “Replacing a Range of RTs with an RT” section.

SUMMARY STEPS

1. enable
2. configure terminal
3. ip extcommunity-list expanded-list {permit | deny} rt value
4. exit
5. route-map map-tag {permit | deny} [sequence-number]
6. match extcommunity extended-community-list-name
7. set extcomm-list extcommunity-name delete
8. set extcommunity rt range start-value end-value
9. exit
10. route-map map-tag {permit | deny} [sequence-number]
11. exit
12. router bgp as-number
13. neighbor ip-address remote-as autonomous-system-number
14. address-family vpnv4
15. neighbor ip-address activate
16. neighbor ip-address route-map map-tag out
17. exit-address-family

DETAILED STEPS

Step 1
Command or Action: enable
Example: Router> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example: Router# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: ip extcommunity-list expanded-list {permit | deny} rt value
Example: Router(config)# ip extcommunity-list 22 permit rt 101:100
Purpose: Configures an IP extended community list to configure Virtual Private Network (VPN) route filtering, such that routes with the specified RT are in the extended community list. This example permits routes having RT 101:100 into the extended community list 22.

Step 4
Command or Action: exit
Example: Router(config-extcomm-list)# exit
Purpose: Exits the configuration mode and enters the next higher configuration mode.

Step 5
Command or Action: route-map map-tag {permit | deny} [sequence-number]
Example: Router(config)# route-map rt-mapping permit 10
Purpose: Configures a route map that permits or denies the routes allowed by the subsequent match command. This example permits the routes allowed by the subsequent match command.

Step 6
Command or Action: match extcommunity extended-community-list-name
Example: Router(config-route-map)# match extcommunity 22
Purpose: Matches on the specified community list. For this example, routes that match the extended community list 22 (which was configured in Step 3) are subject to the subsequent set commands.

Step 7
Command or Action: set extcomm-list extcommunity-name delete
Example: Router(config-route-map)# set extcomm-list 22 delete
Purpose: Deletes the RT from routes that are in the specified extended community list. For this example, RTs are deleted from routes that are in extended community list 22.

Step 8
Command or Action: set extcommunity rt range start-value end-value
Example: Router(config-route-map)# set extcommunity rt range 500:1 500:9
Purpose: For the routes that are permitted by the route map, sets the specified RT range of extended community attributes, inclusive. For this example, routes that match extended community 22 have their RT extended community attribute values set to 500:1, 500:2, 500:3, 500:4, 500:5, 500:6, 500:7, 500:8, and 500:9.

Replacing a Range of RTs with an RT

Perform this task on an ingress ASBR to replace an RT range of attributes with an RT attribute. This task assumes you already configured the egress ASBR to replace the RT with an RT range; that task is described in the “Replacing an RT with a Range of RTs” section.

SUMMARY STEPS

1. enable
2. configure terminal
3. ip extcommunity-list expanded-list {permit | deny} rt reg-exp
4. exit
5. route-map map-tag {permit | deny} [sequence-number]
6. match extcommunity extended-community-list-name
7. set extcomm-list extcommunity-name delete
8. set extcommunity rt value additive
9. exit
10. route-map map-tag {permit | deny} [sequence-number]
11. exit
12. router bgp as-number
13. neighbor ip-address remote-as autonomous-system-number
14. address-family vpnv4
15. neighbor ip-address activate
16. neighbor ip-address route-map map-tag in
17. exit-address-family

DETAILED STEPS

Step 1
Command or Action: enable
Example: Router> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example: Router# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: ip extcommunity-list expanded-list {permit | deny} rt reg-exp
Example: Router(config)# ip extcommunity-list 128 permit rt 500:[1-9]
Purpose: Configures an IP extended community list to configure Virtual Private Network (VPN) route filtering, such that routes with the specified RT range are in the extended community list. This example permits routes having RTs in the range 500:1 to 500:9 into the extended community list 128.

Step 4
Command or Action: exit
Example: Router(config-extcomm-list)# exit
Purpose: Exits the configuration mode and enters the next higher configuration mode.

Step 5
Command or Action: route-map map-tag {permit | deny} [sequence-number]
Example: Router(config)# route-map rtmap2 permit 10
Purpose: Configures a route map that permits or denies the routes allowed by the subsequent match command. This example permits the routes allowed by the subsequent match command.

Step 6
Command or Action: match extcommunity extended-community-list-name
Example: Router(config-route-map)# match extcommunity 128
Purpose: Matches on the specified community list. In this example, routes that match the extended community list 128 (which was configured in Step 3) are subject to the subsequent set commands.

Step 7
Command or Action: set extcomm-list extcommunity-name delete
Example: Router(config-route-map)# set extcomm-list 128 delete
Purpose: Deletes the RTs in the range from routes that are in the specified extended community list. In this example, RTs in the range are deleted from routes that are in extended community list 128.

Step 8
Command or Action: set extcommunity rt value additive
Example: Router(config-route-map)# set extcommunity rt 400:1 additive
Purpose: Sets the routes that are permitted by the route map with the specified RT. In this example, routes that match extended community 128 have their RT set to 400:1. The additive keyword causes the RT to be added to the RT list without replacing any RTs.

Example: Replacing an RT with a Range of RTs

In the following example, on the egress ASBR,
routes having RT 101:100 are in the extended community list 22. A
route-map named rt-mapping matches on extended community list 22
and deletes the RT from routes in the community list. Routes that
match the community list have their RT set to an RT in the range
from 500:1 to 500:9. The route map is applied to the neighbor
192.168.103.1.
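
The two RT-to-RT tasks above, assembled into one configuration per ASBR, as an added example that is not Cisco's own listing. List numbers, route-map names, RT values and 192.168.103.1 come from the page; values in angle brackets are placeholders, and the empty permit 20 clause is an assumption about how step 10 is used.

```cisco
! ----- Egress ASBR: replace RT 101:100 with the range 500:1 to 500:9 -----
ip extcommunity-list 22 permit rt 101:100
!
route-map rt-mapping permit 10
 match extcommunity 22
 set extcomm-list 22 delete
 set extcommunity rt range 500:1 500:9
!
! Step 10 (assumed usage): an empty permit clause, so that routes not
! matching list 22 are still advertised rather than dropped by the
! implicit deny at the end of the route map. Sequence 20 is a placeholder.
route-map rt-mapping permit 20
!
router bgp <egress-as>
 neighbor 192.168.103.1 remote-as <ingress-as>
 address-family vpnv4
  neighbor 192.168.103.1 activate
  ! Outbound: the private RT is rewritten before the route leaves this AS.
  neighbor 192.168.103.1 route-map rt-mapping out
 exit-address-family
!
! ----- Ingress ASBR: replace the range 500:1 to 500:9 with RT 400:1 -----
ip extcommunity-list 128 permit rt 500:[1-9]
!
route-map rtmap2 permit 10
 match extcommunity 128
 set extcomm-list 128 delete
 set extcommunity rt 400:1 additive
!
! Same assumed pass-through clause as on the egress side.
route-map rtmap2 permit 20
!
router bgp <ingress-as>
 neighbor <egress-asbr-address> remote-as <egress-as>
 address-family vpnv4
  neighbor <egress-asbr-address> activate
  ! Inbound: the range is mapped to a locally recognized RT on receipt.
  neighbor <egress-asbr-address> route-map rtmap2 in
 exit-address-family
```

The character class in 500:[1-9] covers only single-digit values, so widening the egress range past 500:9 requires a matching change to the ingress list.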

Example: Replacing an RT with a Range of VPN Distinguishers

In the following example, on the egress ASBR,
routes having RT 201:100 are in the extended community list 22. A
route-map named rt-mapping matches on extended community list 22
and deletes the RT from routes in the community list. Routes that
match the community list have their VPN distinguishers set to VPN distinguishers in the range
from 600:1 to 600:8. The route map is applied to the neighbor
192.168.103.1.

On the ingress ASBR, VPN distinguishers in the range 600:1 to
600:8 belong to extended community list 101. A route map named
rtmap2 maps those VPN distinguishers to RT range 700:1 700:10. The route map is applied to the
neighbor 192.168.0.50. The additive option adds the new range to the existing value without replacing it.


The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
